Information Security Policy Statement

ISACA Chennai Chapter is a not for profit organization registered as an association under the Tamilnadu Societies Registration Act 1975 governed by a professional volunteer board which is engaged in providing services and support relating to professional development events, training for ISACA certifications and providing other membership services. With ISACA Chennai Chapter’s critical reliance on information technology solutions and infrastructure that support its business functions, the Board is cognizant of its responsibilities in preserving the confidentiality and integrity of business information including sensitive member related information. The management and employees supported by all users at ISACA Chennai Chapter are committed to an effective Information Security Management System that supports its strategic business objectives and protects against information security threats and exposures.

To achieve the above, ISACA Chennai Chapter shall, appropriate to its size and nature of operations: 

  1. Establish and implement a suitable information security policy, processes and roles and responsibilities to protect the information assets of ISACA Chennai Chapter and its stakeholders from threats, both external as well as internal.
  2. Continually improve the Information Security Management System through the establishment and regular monitoring of measurable security objectives.
  3. Commit to comply with business, legal, regulatory and contractual security obligations, as may be applicable from time to time.
  4. Develop, implement, test and maintain a Business Continuity Plan as appropriate to the nature of its business
  5. Communicate the security policy to relevant stakeholders other interested parties as necessary. 

This policy statement shall apply to all employees and users of ISACA Chennai Chapter’s information processing facilities. The ISACA Chennai Chapter Board shall ensure that this policy is implemented, communicated, monitored and maintained at all levels of the organization and regularly reviewed for compliance and continual improvement.